natrat22
asked on
SBS2008 Outlook continually prompting for username/pw after email domain change
I think i made a boo boo.
I have a small office with an SBS2008 box and six or so users, running Outlook (2007 or 2010).
Recently they wanted to change their primary email domain name from the one set up with SBS.
So, I ran the Set up your Internet Address wizard again, and put in the new domain.
This changed everything in exchange, so their primary emails were now correct. I also added in the original email via the Exchange Management Console so they could receive email on that address too.
Anyway email delivery has no problem. However, all Outlook clients are constantly getting a popup for their username and password. If they put inthe details it goes away for 10 mins or so, then appears again. Email still flows even if they cancel the box, it seems an annoyance more than anything but its REALLY annoying.
Anyway, to resolve it I've tried many things including running the certificate wizard again (they have a self signed cert) and confirming the certificate has the new domain in it, i've manually forced the install of the new certifiacte via internet explorer on all the clients, I've installed Exchange 2007 SP2, I've deleted and re-created the exchange account in outlook, i've turned off Exchange over HTTP on all local office clients outlook.
Where else should i be looking?
cheers
nathan
I have a small office with an SBS2008 box and six or so users, running Outlook (2007 or 2010).
Recently they wanted to change their primary email domain name from the one set up with SBS.
So, I ran the Set up your Internet Address wizard again, and put in the new domain.
This changed everything in exchange, so their primary emails were now correct. I also added in the original email via the Exchange Management Console so they could receive email on that address too.
Anyway email delivery has no problem. However, all Outlook clients are constantly getting a popup for their username and password. If they put inthe details it goes away for 10 mins or so, then appears again. Email still flows even if they cancel the box, it seems an annoyance more than anything but its REALLY annoying.
Anyway, to resolve it I've tried many things including running the certificate wizard again (they have a self signed cert) and confirming the certificate has the new domain in it, i've manually forced the install of the new certifiacte via internet explorer on all the clients, I've installed Exchange 2007 SP2, I've deleted and re-created the exchange account in outlook, i've turned off Exchange over HTTP on all local office clients outlook.
Where else should i be looking?
cheers
nathan
It could be cached credentials.
Close all apps
Open Control Panel
Open User Accounts
Open Credential Manager
Delete any credentials that refer to your server
Reboot
Close all apps
Open Control Panel
Open User Accounts
Open Credential Manager
Delete any credentials that refer to your server
Reboot
Did you use the SBS2008 wrapper tool to install SP2 on exchange?
Start by installing Exchange 2007 SP3 on to the server, then the latest rollup. That will correct a lot of issues.
The self signed certificate is probably the cause of the problems. Outlook cannot cope with a self signed certificate and its prompts. Switching to a signed certificate is the best way to deal with it.
http://exchange.sembee.info/2007/install/sbs2008ssl.asp
Simon.
The self signed certificate is probably the cause of the problems. Outlook cannot cope with a self signed certificate and its prompts. Switching to a signed certificate is the best way to deal with it.
http://exchange.sembee.info/2007/install/sbs2008ssl.asp
Simon.
ASKER
Thanks for the comments. I did use the SBS2008 wrapper tool to install SP2. I also think the issue is only actually happening on all the Outlook 2007 clients, not 2010.
I will check cached credentials and install Exchange SP3. Is there a similar wrapper tool required to install Exchange SP3 on SBS2008?
If none of that works I'll purchase a signed certificate.
will report back.
thanks
nathan
I will check cached credentials and install Exchange SP3. Is there a similar wrapper tool required to install Exchange SP3 on SBS2008?
If none of that works I'll purchase a signed certificate.
will report back.
thanks
nathan
ASKER
Hmm i may have found a possibly related issue. There seems to be a two year old expired certificate being found by autodiscover.customersdoma
(have also found the instructions for SP3 install and seen no wrapper tool required)
(have also found the instructions for SP3 install and seen no wrapper tool required)
The certificate has nothing to do with the domain age.
I expect that autodiscover.example.com will resolve to an external hosting company. That hosting company will have Plesk installed to manage their web hosting - Plesk is a control panel.
You need to ensure that autodiscover.example.com resolves to the SBS server's external IP address, and if you are going to use Outlook Anywhere, ActiveSync etc that you have a commercial signed certificate that includes autodiscover.
http://exchange.sembee.info/2007/install/sbs2008ssl.asp
Simon.
I expect that autodiscover.example.com will resolve to an external hosting company. That hosting company will have Plesk installed to manage their web hosting - Plesk is a control panel.
You need to ensure that autodiscover.example.com resolves to the SBS server's external IP address, and if you are going to use Outlook Anywhere, ActiveSync etc that you have a commercial signed certificate that includes autodiscover.
http://exchange.sembee.info/2007/install/sbs2008ssl.asp
Simon.
ASKER
Exchange 2007 SP3 didnt help.
what i have now noticed though is this:
I've unticked Connect to Microsoft Exchange Using HTTP in the exchange account settings in Outlook as I'm pretty sure its a certificate related issue todo with that.
however once the outlook authentication popup appears, if you enter the username and password, that setting immediately becomes ticked again.
I guess installing a proper 3rd party certificate would fix this also? Is there any other way?
what i have now noticed though is this:
I've unticked Connect to Microsoft Exchange Using HTTP in the exchange account settings in Outlook as I'm pretty sure its a certificate related issue todo with that.
however once the outlook authentication popup appears, if you enter the username and password, that setting immediately becomes ticked again.
I guess installing a proper 3rd party certificate would fix this also? Is there any other way?
ASKER
Following this post here seems to have fixed the issue:
http://ilantz.com/2009/06/18/prevent-outlook-anywhere-aka-rpc-over-http-from-being-automaticly-configured-in-exchange-2007-with-autodiscover/
But i expect using a proper certificate would also. Ill monitor it over the next day and see.
http://ilantz.com/2009/06/18/prevent-outlook-anywhere-aka-rpc-over-http-from-being-automaticly-configured-in-exchange-2007-with-autodiscover/
But i expect using a proper certificate would also. Ill monitor it over the next day and see.
The reason it gets enabled again is because autodiscover is correcting your configuration, which is what it is designed to do.
Furthermore, those settings shouldn't be used - the way that Outlook Anywhere (Exchange over HTTPS) works is that it only kicks in if a connection via TCP/IP cannot be made. Disabling the feature in Outlook doesn't really resolve the underlying problem, it just deals with the symptoms.
Simon.
Furthermore, those settings shouldn't be used - the way that Outlook Anywhere (Exchange over HTTPS) works is that it only kicks in if a connection via TCP/IP cannot be made. Disabling the feature in Outlook doesn't really resolve the underlying problem, it just deals with the symptoms.
Simon.
ASKER
It didnt actually fix it anyway, some Outlook clients still getting the popup username pw prompts. I guess trying a third party certificate is the next step?
I still dont understand why it all worked perfectly with the original setup and the self signed cert but i can't get rid of the prompts since changing their email domain on SBS. There must be somewhere on the server that needs something else changed manually.
I still dont understand why it all worked perfectly with the original setup and the self signed cert but i can't get rid of the prompts since changing their email domain on SBS. There must be somewhere on the server that needs something else changed manually.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Try this on a client:
1) Close Outlook
2) In a CMD-box type:
ipconfig /flushdns
3) Reopen Outlook